IT Network and Cybersecurity Engineer

Position Summary

The Network & Cybersecurity Engineer is responsible for designing, securing, and maintaining the organization’s converged IT/OT network infrastructure across datacenters, corporate environments, and industrial sites. The role ensures high-availability operations for critical systems such as SCADA, DCS, RTUs, PLCs, historians, and enterprise platforms, while maintaining compliance with cybersecurity and governance frameworks (ISO 27001, NIST, IEC 62443). This position collaborates closely with Operations, IT, OT, and Cybersecurity teams to implement robust network architectures, enforce security policies, and support digital transformation initiatives.

• Design, implement, and maintain IP-based networks across corporate, datacenter, and industrial environments.
• Manage Layer 2/Layer 3 switching, VLAN segmentation, routing (OSPF/BGP), and network resiliency protocols (STP/RSTP/VRRP).
• Support and optimize distributed networks across multiple sites, including WAN/MPLS/SD-WAN.
• Implement and maintain datacenter routing and switching architectures.
• Maintain virtualization infrastructure (VMware/Hyper‑V and Nutanix).

• Administer DNS/DHCP, NTP, and network core services.

• Implement and manage enterprise and industrial firewalls (Palo Alto, Fortinet, Cisco, industrial DMZ firewalls).
• Maintain SIEM systems (Azure Sentinel, QRadar, Splunk, etc.) including rule tuning, log ingestion, alerts, and threat detection.
• Conduct vulnerability assessments, patching cycles, and hardening of devices (network, servers, OT).
• Implement Zero Trust and defense-in-depth strategies.
• Monitor for unauthorized changes, anomalous traffic, and cybersecurity events.

• Support and secure Industrial Control Systems including SCADA, RTUs, PLCs, DCS, historians, OPC/OPC‑UA servers.
• Implement segmentation and demilitarized zones (IDMZ), enforcing IEC 62443 network zones & conduits.
• Protect industrial protocols (Modbus, DNP3, IEC 61850, PROFINET, BACnet, HART, etc.).
• Support secure remote access for vendors, OEMs, and contractors via PAM/MFA.
• Ensure availability of critical OT communications and telemetry.

• Maintain alignment with ISO 27001:2022, NIST CSF, IEC 62443, and SOC principles.
• Support internal and external audits with evidence collection and documentation.
• Contribute to Risk Registers, Change Request processes, and Security Exceptions.
• Develop and update cybersecurity policies, SOPs, and configuration baselines.

• Participate in ITIL-aligned service management (Incident, Problem, Change, Release).
• Maintain accurate documentation: network diagrams, asset inventory, configs, runbooks.
• Prepare and implement change controls for network and security modifications.
• Conduct impact assessments and root cause analysis for service interruptions.

• Troubleshoot network, firewall, VPN, and cybersecurity issues end-to-end.
• Support high-availability environments (HA firewalls, redundant links, clustered servers).
• Perform configuration backups, change diffs, and system restore testing.
• Provide Level 3 technical support for critical incidents.

• Technical Certifications
• CCNA (mandatory)
• CCNP (preferred/mandatory depending on role level)

CISSP (strongly preferred or in progress)

IEC 62443 certifications (preferred)

Additional beneficial certifications:

• Fortinet NSE 4–7
• Palo Alto PCNSA/PCNSE
• Microsoft AZ‑500 or SC‑200
• VMware VCP
• CompTIA Security+/CySA+

Bachelor’s degree in computer engineering, IT, Cybersecurity, or related fields.

• 5–12+ years of experience in IT/Network Engineering, Cybersecurity, or OT/SCADA systems.
• Hands‑on experience with distributed sites, datacenter networks, and industrial operations.
• Experience securing OT environments in Oil & Gas, Energy, Utilities, Manufacturing, or Industrial plants.
• Proven ability to configure and manage enterprise firewalls and SIEM tools.
• Experience with network monitoring tools (Solar Winds, PRTG, Zabbix, Nagios,…